From ef86c2f22b2fd6a2c3f1dd5be30a5dd1ba1b2041 Mon Sep 17 00:00:00 2001 From: Philip Yang Date: Wed, 8 Nov 2017 17:18:21 -0500 Subject: [PATCH 2190/4131] drm/amdkfd: Add crash protection in debugger register path After debugger is registered, the pqm_destroy_queue fails because is_debug is true, the queue should not be removed from process_queue_list since the count is not reduced. Test application calls debugger unregister without register debugger, add null pointer check protection to avoid crash for this case BUG: SWDEV-129006 Change-Id: I74d46b25c59ae441b3a3754e1b65b611030acd2d Signed-off-by: Philip Yang --- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 2 +- drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index ad3caadf..2ab1758 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -597,7 +597,7 @@ static int kfd_ioctl_dbg_unregister(struct file *filep, long status; dev = kfd_device_by_id(args->gpu_id); - if (!dev) + if (!dev || !dev->dbgmgr) return -EINVAL; if (dev->device_info->asic_family == CHIP_CARRIZO) { diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c index 5912f42..877149d 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_process_queue_manager.c @@ -322,6 +322,10 @@ int pqm_destroy_queue(struct process_queue_manager *pqm, unsigned int qid) kfree(pqn->q->properties.cu_mask); pqn->q->properties.cu_mask = NULL; retval = dqm->ops.destroy_queue(dqm, &pdd->qpd, pqn->q); + if (retval) { + pr_debug("Destroy queue failed, returned %d\n", retval); + goto err_destroy_queue; + } uninit_queue(pqn->q); } @@ -333,6 +337,7 @@ int pqm_destroy_queue(struct process_queue_manager *pqm, unsigned int qid) list_empty(&pdd->qpd.priv_queue_list)) dqm->ops.unregister_process(dqm, &pdd->qpd); +err_destroy_queue: return retval; } -- 2.7.4